Researchers at the popular TV and movie streaming service Netflix have identified and resolved four major Linux and FreeBSD vulnerabilities.
These vulnerabilities, associated with the TCP Selective Acknowledgement (SACK) and maximum segment size (MSS) capabilities, could cripple networking on affected systems by causing a distributed denial of service. Victims of such attacks would experience throttled servers, system overloads, and crashes.
What Was Exposed and Needs Patching
CVE-2019-11477: SACK Panic
Attackers could send a crafted sequence of SACKs that triggers an integer overflow and ultimately causes a kernel panic. Simply put, left untreated, this vulnerability allows a hacker to crash the system.
CVE-2019-11478: SACK Slowness
This vulnerability, which affects only Linux servers, allows bad actors to send a crafted sequence of SACKs, which will fragment the TCP retransmission queue. This causes the affected server to over-consume resources and bandwidth, leading to lowered system performance, and allowing the hacker to process malicious requests to the server.
CVE-2019-5599: SACK Slowness
This vulnerability is similar to CVE-2019-11478, but it specifically affects FreeBSD.
CVE-2019-11479: Excess Resource Consumption Due to Low MSS Values
An attacker can remotely manipulate the Linux kernel to segment its responses into multiple TCP segments. This significantly drives up the bandwidth usage needed to process the same amount of data, causing an overload. In addition, it uses additional resources (CPU and NIC processing power).
Left untreated, these vulnerabilities can cause havoc, but there are patches and workarounds for each vulnerability.
Netflix quickly resolved the situation, but companies must apply the proper patches quickly to ensure they aren’t victimized. Leaving your data security up to chance makes you vulnerable to bad actors.
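One way to check a Linux host for the patches and workarounds mentioned above, as an added example that is not part of the original article: it reads the `net.ipv4.tcp_sack`, `net.ipv4.tcp_min_snd_mss` and `net.ipv4.tcp_mtu_probing` sysctls. Treating the presence of `tcp_min_snd_mss` as a sign that the kernel fixes are installed is a heuristic, and the function names and the `MSS_FLOOR` value of 500 are assumptions.

```sh
#!/bin/sh
# Added example: audit Linux TCP sysctls relevant to the SACK/MSS CVEs above.
# Heuristic (assumption): net.ipv4.tcp_min_snd_mss was introduced with the
# upstream fix series, so its absence suggests an unpatched kernel.
MSS_FLOOR=500   # assumed site policy for the smallest MSS worth accepting

read_sysctl() {   # $1 = sysctl directory, $2 = file name
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo absent; fi
}

sack_audit() {    # $1 = sysctl directory (default: live system)
    dir="${1:-/proc/sys/net/ipv4}"
    sack=$(read_sysctl "$dir" tcp_sack)
    min_mss=$(read_sysctl "$dir" tcp_min_snd_mss)
    probing=$(read_sysctl "$dir" tcp_mtu_probing)
    findings=0

    if [ "$min_mss" = absent ]; then
        # No fix marker: CVE-2019-11477/11478 depend on SACK being enabled.
        if [ "$sack" = 0 ]; then
            echo "OK   SACK disabled as workaround (CVE-2019-11477, CVE-2019-11478)"
        else
            echo "WARN tcp_sack=$sack on a kernel without the fix marker"
            findings=$((findings + 1))
        fi
        # Without the sysctl, low MSS can only be dropped by a packet filter,
        # and that filter is only effective when MTU probing is off.
        echo "WARN no tcp_min_snd_mss: CVE-2019-11479 needs a patch or MSS filter"
        findings=$((findings + 1))
        if [ "$probing" != 0 ]; then
            echo "WARN tcp_mtu_probing=$probing makes an MSS filter ineffective"
            findings=$((findings + 1))
        fi
    else
        echo "OK   tcp_min_snd_mss present (fix marker), tcp_sack=$sack"
        if [ "$min_mss" -lt "$MSS_FLOOR" ]; then
            echo "WARN tcp_min_snd_mss=$min_mss below policy floor $MSS_FLOOR"
            findings=$((findings + 1))
        fi
    fi
    echo "findings=$findings"
}

sack_audit "$@"
```

Confirm the result against your distribution's advisory for these CVEs, since vendors backport fixes differently.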
Protect Your Company with a SOC-as-a-Service
Vulnerabilities and data breaches now appear in the news on a daily basis. That’s why companies must guard their sensitive information vigilantly. A security operations center (SOC)-as-a-service lets organizations benefit from comprehensive cybersecurity protection without having to heavily invest in building a SOC from the ground up internally.
Arctic Wolf can help you bolster your security efforts so that you don’t have to fall victim to cyberattackers.
If you’re looking to safeguard your company against vulnerabilities, data breaches, and other threats, find out why a SOC-as-a-service is often the difference between staying safe and being victimized.